Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2023-08-30 | CVE-2023-40595 | Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform | In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. | splunk, CWE-502 | network, low complexity, 8.8 |
| 2023-08-25 | CVE-2023-24621 | Deserialization of Untrusted Data vulnerability in Esotericsoftware Yamlbeans | An issue was discovered in Esoteric YamlBeans through 1.15. | esotericsoftware, CWE-502 | local, low complexity, 7.8 |
| 2023-08-24 | CVE-2023-34040 | Deserialization of Untrusted Data vulnerability in VMWare Spring for Apache Kafka | In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. | vmware, CWE-502 | local, low complexity, 7.8 |
| 2023-08-21 | CVE-2023-39106 | Deserialization of Untrusted Data vulnerability in Alibabacloud Nacos Spring Project | An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. | alibabacloud, CWE-502 | network, low complexity, 8.8 |
| 2023-08-14 | CVE-2023-3259 | Deserialization of Untrusted Data vulnerability in Dataprobe products | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. | dataprobe, CWE-502 | network, low complexity, critical, 9.8 |
| 2023-08-13 | CVE-2023-39396 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos | Deserialization vulnerability in the input module. | huawei, CWE-502 | network, low complexity, 7.5 |
| 2023-08-02 | CVE-2022-40609 | Deserialization of Untrusted Data vulnerability in IBM SDK | IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. | ibm, CWE-502 | network, low complexity, critical, 9.8 |
| 2023-07-31 | CVE-2021-31680 | Deserialization of Untrusted Data vulnerability in Ultralytics Yolov5 | Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file. | ultralytics, CWE-502 | local, low complexity, 7.8 |
| 2023-07-31 | CVE-2021-31681 | Deserialization of Untrusted Data vulnerability in Ultralytics Yolov3 | Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file. | ultralytics, CWE-502 | local, low complexity, 7.8 |
| 2023-07-31 | CVE-2023-24971 | Deserialization of Untrusted Data vulnerability in IBM products | IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. | ibm, CWE-502 | network, low complexity, 6.5 |